I have generated a keypair using pkcs11-tool --keypairgen -l --key-type rsa:1024 --id 123
pkcs15-tool --dump
outputs the following:
PKCS#15 Card [NITROKEY HSM INTFRA1]:
Version : 0
Serial number : DENK0103471
Manufacturer ID: www.CardContact.de
Flags :
PIN [UserPIN]
Object Flags : [0x3], private, modifiable
Auth ID : 02
ID : 01
Flags : [0x812], local, initialized, exchangeRefData
Length : min_len:6, max_len:15, stored_len:0
Pad char : 0x00
Reference : 129 (0x81)
Type : ascii-numeric
Path : e82b0601040181c31f0201::
Tries left : 3PIN [SOPIN]
Object Flags : [0x1], private
ID : 02
Flags : [0x9A], local, unblock-disabled, initialized, soPin
Length : min_len:16, max_len:16, stored_len:0
Pad char : 0x00
Reference : 136 (0x88)
Type : bcd
Path : e82b0601040181c31f0201::
Tries left : 15Private RSA Key [Private Key]
Object Flags : [0x3], private, modifiable
Usage : [0x2E], decrypt, sign, signRecover, unwrap
Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 1024
Key ref : 1 (0x1)
Native : yes
Auth ID : 01
ID : 0123
MD:guid : 16643ecc-e9bf-581d-e146-84138fddff8fPublic RSA Key [Private Key]
Object Flags : [0x0]
Usage : [0x51], encrypt, wrap, verify
Access Flags : [0x2], extract
ModLength : 1024
Key ref : 0 (0x0)
Native : no
ID : 0123
DirectValue :
When I try to export the key using sc-hsm-tool -W wrap.bin --key-reference 1
I get the following output:
Using reader with a card: Nitrokey Nitrokey HSM (DENK01034710000 ) 00 00
Enter User PIN :sc_card_ctl(*, SC_CARDCTL_SC_HSM_WRAP_KEY, *) failed with Not allowed
Any ideas on how this could be resolved?